- From: Mike West <mkwst@google.com>
- Date: Mon, 15 Oct 2012 12:17:44 +0200
- To: Fred Andrews <fredandw@live.com>
- Cc: "public-privacy@w3.org" <public-privacy@w3.org>, runnegar@isoc.org
- Message-ID: <CAKXHy=fesOpG0vodjJ67NygErn4=w3o==UHxzDXxbcaJ0FUNXQ@mail.gmail.com>
Hello, public-privacy. :) On Sun, Oct 14, 2012 at 1:57 PM, Fred Andrews <fredandw@live.com> wrote: > The CSP spec. is nearing recommendation and I have been trying to make a > case for reporting to be optional which would allow the UA to choose to > make reporting opt-in or to report to the user if desired. My suggestions > to the WG have been met with ridicule and with claims that the reporting > does not reveal any information not already known to the content author. > For context, the original threads are http://lists.w3.org/Archives/Public/public-webappsec/2012Sep/0039.html and http://lists.w3.org/Archives/Public/public-webappsec/2012Sep/0043.html. The discussion is up and running again currently in the context of moving to CR at http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0008.html. It does seem to be the case that the several folks in the WG don't agree with your conclusions, but I personally and publicly apologize if you felt ridiculed; I don't believe that was anyone's intent. I am preparing a final response to the WG regarding CSP on the issue of the > required reporting and would welcome any input. > We'd welcome input on public-webappsec as well. Might be worth keeping the conversation in one place. The spec in question is http://www.w3.org/TR/CSP/ Thanks! -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Monday, 15 October 2012 10:18:32 UTC